Security

Keeping your data secure


Security Advisories

See our archive of past security advisories.

How to Report a Security Vulnerability

If you discover a security vulnerability or would like to report a security issue privately and securely, please email us at [email protected]. You can use GPG keys to communicate with us securely. If you do, please upload your GPG public key or supply it to us in some other way, so that we can reply securely too:

OME takes its responsibility to help keep our users’ data secure very seriously. We strongly encourage people to report any security issues to our private security mailing list.

Bug Bounties / Vulnerability Reward Program (VRP)

OME enjoys a close relationship with and supports independent assessment of its products by the security research community. Responsible disclosure is a key part of this relationship. However, as a predominantly academically funded project OME does not operate a Bug Bounty or Vulnerability Reward Program (VRP) at this time.

Our Process

Emails sent to us are read and acknowledged with a non-automated response. For issues that are complicated and require significant attention, we will open an investigation and keep you informed of our progress.

Details will only be released to the public once we have a fix in place.

Please note that the security mailing list should only be used for reporting undisclosed security vulnerabilities in OME products and managing the process of fixing such vulnerabilities. We cannot accept bug reports or other queries at this address. All mail sent to this address that does not relate to a security problem will be ignored.

Furthermore, as a public open source project emails related to common or low-risk findings will be ignored. Here are some examples:

For bug reports and other issues, please use our public mailing lists and forums.

back to top